C h a p t e r – Cisco 10000 User Manual

Page 291

Advertising
background image

C H A P T E R

11-1

Cisco 10000 Series Router Software Configuration Guide

OL-2226-23

11

Configuring Local AAA Server, User
Database—Domain to VRF

The Local AAA Server, User Database—Domain to VRF feature extends the Cisco IOS AAA
Authorization to local AAA profiles on the router without using an AAA Server. The local user database
acts as a local AAA server, and is fully compatible with any external AAA Server. If you want to
maintain your user database locally or provide a failover local mechanism, you no longer have to
sacrifice policy options when defining local users.

This flexibility allows you to provide complete user authentication and authorization locally within
Cisco IOS without using an AAA Server, provided the local username list is relatively small. While
authentication can be done on the router for a limited number of user names, it might make more sense
and be much more scalable to use an AAA Server. Note that accounting is still be done on an AAA server
and is not be supported on the router.

The key function that this feature provides is a mapping of user domain names to local AAA profiles.
This allows AAA attributes to be applied to the PPP session as part of the PPP session establishment.
These local AAA attributes are RADIUS attributes that would normally be defined on a Radius Server
but now are defined locally on the router.

Subscriber profiles are used to match user domain names, and on a match to use a defined AAA attribute
list. The AAA attribute list contains a list of valid Cisco IOS format AAA attributes.

Note

Domain to subscriber profile matching is a global match. Limiting which domains are permitted or
denied per PPPoE bba-group or PVC is not supported.

This chapter describes the Local AAA Server, User Database—Domain to VRF feature in the following
topics:

Feature History for Local AAA Server, User Database—Domain to VRF, page 11-2

Prerequisites for Local AAA Server, User Database—Domain to VRF, page 11-2

Establishing a PPP Connection, page 11-2

AAA Attribute Lists, page 11-4

Subscriber Profiles, page 11-5

AAA Method Lists, page 11-6

Configuration Tasks for Local AAA Server, User Database—Domain to VRF Using Local
Attributes, page 11-6

Verifying Local AAA Server, User Database—Domain to VRF Using Local Attributes, page 11-9

Advertising
Popular Brands
Popular manuals